detecting, analyzing, and mitigating malware threats to safeguard organisational systems and data. By conducting advanced static and dynamic malware analysis, the role provides critical insights into emerging threats, supports incident response activities, and enhances detection capabilities through tool and signature development. Together with colleagues spanning almost all time zones, you will help to make our clients safer and … support to the wider organisation will be critical in the development of NCC Group’s Threat Intelligence capabilities and the broader service we offer. Key Accountabilities: Malware Analysis and Response: Conduct in-depth static and dynamic analysis of new and emerging malware threats, identifying potential risks and novel attack vectors. Provide detailed analysis of malware samples as part of … Digital Forensics and Incident Response (DFIR) investigations. Respond to Requests for Information (RFIs) related to malware and binary analysis from internal and external teams. Stay up-to-date with ongoing malware campaigns and techniques, providing insight into emerging or high-impact threats. Documentation and Reporting: Document and report on the behaviour, techniques, tactics, and procedures (TTPs) used by
Doxford International Business Park, Sunderland, Tyne and Wear, England, United Kingdom Hybrid / WFH Options
Northern Gas
beyond simply reviewing logs or fixing vulnerabilities; it’s about redefining how security is perceived and integrated across everything we do. You will take a hands-on role in incident response, lead initiatives to strengthen our security posture, and be a key force in ensuring NGN stays ahead of evolving cyber threats. Please Note: National Security Vetting is … delivery of our NIS Directive Improvement Plan, ensuring compliance becomes a strategic advantage, not just a checkbox. What we are looking for: Experience with SIEM tools, logging, and cyber incident response. Strong knowledge of EDR/AV solutions, vulnerability testing, and management. Familiarity with Office 365, Active Directory, and network security (TCP/IP). Understanding of SCCM, Intune
Houghton Le Spring, Tyne and Wear, North East, United Kingdom Hybrid / WFH Options
Northern Gas
beyond simply reviewing logs or fixing vulnerabilities; it’s about redefining how security is perceived and integrated across everything we do. You will take a hands-on role in incident response, lead initiatives to strengthen our security posture, and be a key force in ensuring NGN stays ahead of evolving cyber threats. Please Note: National Security Vetting is … delivery of our NIS Directive Improvement Plan, ensuring compliance becomes a strategic advantage, not just a checkbox. What we are looking for: Experience with SIEM tools, logging, and cyber incident response. Strong knowledge of EDR/AV solutions, vulnerability testing, and management. Familiarity with Office 365, Active Directory, and network security (TCP/IP). Understanding of SCCM, Intune
Sunderland, Tyne and Wear, United Kingdom, Silksworth, Tyne & Wear Hybrid / WFH Options
Northern Gas
beyond simply reviewing logs or fixing vulnerabilities; it’s about redefining how security is perceived and integrated across everything we do. You will take a hands-on role in incident response, lead initiatives to strengthen our security posture, and be a key force in ensuring NGN stays ahead of evolving cyber threats. Please Note: National Security Vetting is … delivery of our NIS Directive Improvement Plan, ensuring compliance becomes a strategic advantage, not just a checkbox. What we are looking for: Experience with SIEM tools, logging, and cyber incident response. Strong knowledge of EDR/AV solutions, vulnerability testing, and management. Familiarity with Office 365, Active Directory, and network security (TCP/IP). Understanding of SCCM, Intune
You will be involved in assisting in monitoring network traffic and using SIEM tools (e.g. FortiSIEM, Microsoft Sentinel) to detect suspicious activity and triage security risks and supporting incident reporting and response, including risk assessments and vulnerability scans. Role: Assist in monitoring network traffic and using SIEM tools (e.g. FortiSIEM, Microsoft Sentinel) to detect suspicious activity and triage … security risks. Support incident reporting and response, including risk assessments and vulnerability scans. Gain hands-on experience managing firewalls, antivirus, endpoint security, patching, and software updates. Collaborate with IT, Legal, and other departments to ensure a unified security approach, including third-party risk assessments. Monitor and respond to the IT Security Queue (CVE updates, service requests, incidents, bulletins … . Assess and manage tickets, ensuring priority issues are resolved within 48 hours. Handle walk-up incidents and participate in major incident responses. Support the ICT security incident response process and maintain the ICT Risk Register. Manage security dashboards (SIEM, FortiMail, FortiConsole, SOPHOS, Windows Defender). Oversee job assignments and SLA performance across teams. Support projects aligned
environments, and enterprise systems. Reporting to the Cyber Resilience Manager, you'll work across technical and governance functions to ensure ongoing protection against an evolving threat landscape, while supporting incident response, architecture design, compliance, and risk management. Key Responsibilities: Design and maintain enterprise-wide cloud security architectures aligned to business objectives and compliance requirements. Implement security controls across … measures into the software development lifecycle (SDLC) and broader IT processes. Engage with architects, IT teams, and external suppliers to embed security into system design. Develop and maintain technical incident response plans and support ongoing testing and refinement. Monitor industry standards and regulatory changes (e.g., NIS regulations), ensuring ongoing compliance. Contribute to internal security awareness and training programmes
IEC62443 standards. Key Responsibilities: Lead the implementation of new technical security controls across OT environments. Contribute to the assessment of OT network architecture, protocols, and change management processes. Lead incident response and remediation for cyber events detected by OT SIEM systems. Actively support vulnerability management and ensure threat exposure is minimised. Provide hands-on leadership in data and … and energy-sector-specific technologies. Demonstrable experience implementing security controls within OT environments. Hands-on knowledge of OT technologies and protocols, including experience managing configuration changes. Experience working within incident response frameworks, from coordination to containment and recovery. Familiarity with threat modelling and architectural reviews, particularly in critical national infrastructure. Relevant certifications or credentials in IEC62443 or cyber
Employment Type: Permanent
Salary: £57000 - £60000/annum Pension, Medical, Incentive Plan, 25 Ho
Immingham, Lincolnshire, North East, United Kingdom
Rullion Limited
IEC62443 standards. Key Responsibilities: Lead the implementation of new technical security controls across OT environments. Contribute to the assessment of OT network architecture, protocols, and change management processes. Lead incident response and remediation for cyber events detected by OT SIEM systems. Actively support vulnerability management and ensure threat exposure is minimised. Provide hands-on leadership in data and … and energy-sector-specific technologies. Demonstrable experience implementing security controls within OT environments. Hands-on knowledge of OT technologies and protocols, including experience managing configuration changes. Experience working within incident response frameworks, from coordination to containment and recovery. Familiarity with threat modelling and architectural reviews, particularly in critical national infrastructure. Relevant certifications or credentials in IEC62443 or cyber
Ability to demonstrate any IRM solution and SecOps solutions as and when needed. Knowledge of various modules like Policy Mgmt., Compliance & Audit Mgmt., Vendor Mgmt., Business Continuity Management, Vulnerability Response, Incident Response, and Security Dashboard on the ServiceNow IRM platform. Assess as-is IRM processes for maturity and automation on the ServiceNow platform. Knowledge of advanced risk management and continuous
London (City of London), South East England, United Kingdom
HCLTech
Ability to demonstrate any IRM solution and SecOps solutions as and when needed. Knowledge of various modules like Policy Mgmt., Compliance & Audit Mgmt., Vendor Mgmt., Business Continuity Management, Vulnerability Response, Incident Response, and Security Dashboard on the ServiceNow IRM platform. Assess as-is IRM processes for maturity and automation on the ServiceNow platform. Knowledge of advanced risk management and continuous
STIGs, and UK Functional Standard 007. Vulnerability Assessment & Access Review: Support regular access reviews, entitlement audits, and role certification; identify and remediate potential vulnerabilities in provisioning and access enforcement. Incident Management & Response: Participate in access-related incident response, including unauthorized access investigations, root-cause analysis, and mitigation measures. Client Engagement & Training: Collaborate with stakeholders to understand … SAML/OAuth, and access governance tools. Security Framework Knowledge: Understanding of defence and public-sector security frameworks (JSP 440/604, STIGs, ISO 27001, Government Functional Standard 007). Incident & Risk Handling: Proven ability to conduct security incident investigations relevant to unauthorized access and remediate gaps. Communication Skills: Strong ability to engage with both technical teams and non
Farnborough, Hampshire, South East, United Kingdom Hybrid / WFH Options
Talent Locker
SOC Lead to take ownership of a high-performing Security Operations Centre working on critical defence and national security projects. You'll lead day-to-day SOC operations, drive incident response, and mentor analysts to strengthen detection and response capability against evolving threats. If you want to combine technical depth with leadership responsibility, this role offers both … for complex incidents and investigations. Reviewing, tuning and enhancing detection rules, alerts and playbooks in SIEM/SOAR tools. Providing mentorship and technical guidance to SOC analysts. Driving post-incident reviews, root cause analysis and continuous improvement. Conducting proactive threat hunting and supporting compliance/audit requirements. Collaborating with wider IT/security teams to improve detection and response capability. What you'll bring: 3+ years' experience in a SOC or security operations role. Strong knowledge of incident detection, response and threat analysis. Hands-on experience with SIEM, SOAR and endpoint detection tools. Excellent problem-solving, analytical and communication skills. A degree in a relevant subject or equivalent experience. Relevant certifications such as GCIA, GCIH, CEH
Chesterfield, Derbyshire, East Midlands, United Kingdom Hybrid / WFH Options
Hays
and mitigating potential risks. You will oversee information security, compliance, and risk management practices based on industry-accepted information security and risk management frameworks, whilst establishing and maintaining an incident response plan, including incident detection, response, investigation, and resolution, to minimise the impact of security incidents. What you'll need to succeed: Demonstrable experience of implementing
performing advanced investigations and, when required, first-line triage to maintain queue health and SLA compliance. You are responsible for high-quality service delivery through detailed analysis, evidence-led response actions, and operational leadership. In addition to handling escalated alerts, you provide line management, oversee ticket quality, contribute to training and onboarding, and drive continual improvement. You work core … business hours with participation in the on-call rota, ensuring consistent service support for customers and operational continuity across teams. Key Responsibilities: • Incident Investigation and Response - You take ownership of escalated incidents, performing detailed investigations and, when necessary, stepping into first-line triage to guarantee prompt alert handling and escalation. • Team Leadership - You provide day-to-day leadership … SOC Analysts, conducting performance reviews, appraisals, one-to-one meetings, and development planning. • Quality Assurance - You own QA for the team’s outputs, ensuring consistency, accuracy, and completeness of incident handling and documentation across the team. • Training and Onboarding - You lead knowledge-transfer sessions, support structured onboarding of new team members, and coordinate internal training to drive skill development
Stretford, Manchester, Lancashire, England, United Kingdom Hybrid / WFH Options
QA
council is a Living Wage Employer. Responsibilities: Assist in monitoring network traffic and using SIEM tools (e.g. FortiSIEM, Microsoft Sentinel) to detect suspicious activity and triage security risks. Support incident reporting and response, including risk assessments and vulnerability scans. Gain hands-on experience managing firewalls, antivirus, endpoint security, patching, and software updates. Collaborate with IT, Legal, and other … Security Queue (CVE updates, service requests, incidents, bulletins). Assess and manage tickets, ensuring priority issues are resolved within 48 hours. Handle walk-up incidents and participate in major incident responses. Support the ICT security incident response process and maintain the ICT Risk Register. Manage security dashboards (SIEM, FortiMail, FortiConsole, SOPHOS, Windows Defender). Oversee job assignments
As part of the Security Operations team, the analyst will work closely with cross-functional teams to identify, investigate, and mitigate cybersecurity threats, ensuring a robust and secure environment. Incident Detection & Response: Analyze security events to determine if they represent legitimate threats, and initiate an appropriate incident response to contain and mitigate any detected issues. Threat … timely patching of identified vulnerabilities. Security Enhancements: Collaborate with IT and other business units to implement security improvements, including automation, configuration changes, and policy enforcement. Documentation & Reporting: Create detailed incident reports, document findings, and provide recommendations to enhance the organization’s cybersecurity posture. Stay Informed: Keep up with the latest cybersecurity trends, vulnerabilities, and best practices, and recommend proactive
London (City of London), South East England, United Kingdom
Global Fintech
As part of the Security Operations team, the analyst will work closely with cross-functional teams to identify, investigate, and mitigate cybersecurity threats, ensuring a robust and secure environment. Incident Detection & Response: Analyze security events to determine if they represent legitimate threats, and initiate an appropriate incident response to contain and mitigate any detected issues. Threat … timely patching of identified vulnerabilities. Security Enhancements: Collaborate with IT and other business units to implement security improvements, including automation, configuration changes, and policy enforcement. Documentation & Reporting: Create detailed incident reports, document findings, and provide recommendations to enhance the organization’s cybersecurity posture. Stay Informed: Keep up with the latest cybersecurity trends, vulnerabilities, and best practices, and recommend proactive
Farnborough, Hampshire, United Kingdom Hybrid / WFH Options
Leidos
You will be responsible for planning and implementing appropriate security controls to ensure that the information within is kept secure. Key functions/outputs: Vulnerability Scanning & Reporting; Endpoint Security; Incident Management & Tickets; System Hardening; Change Work; Participation in Regular Meetings; Documentation. Vulnerability Scanning & Reporting: Code Scans: perform regular code scans to audit code quality metrics, potential bugs, and security … access and threats are being blocked. Access Control: ensuring that access controls have been implemented correctly to only allow authorised users to gain access to certain data and systems. Incident Management & Tickets: Incident Identification: help to recognise and confirm potential incidents through alerts, logs and user reports. This includes distinguishing between true threats and false positives. Incident Response: respond to potential security breaches or cyber-attacks. The main effort should focus on containment, mitigating the damage, investigation of the root cause of the incident and restoring to normal operations. Ticket Requests: respond to and resolve any tickets raised to the Leidos Security group on SD+ that require Cyber Security Engineering input. System Hardening: Patch
Sunbury, South East England, United Kingdom Hybrid / WFH Options
BP Energy
etc.) for OT cybersecurity. Lead a high-performing OT cybersecurity team, developing our people as well as technology. Oversee OT-focused vulnerability management, solutions development, conformance support, and incident response. Engage with regulators, customers, and industry partners to maintain bp's position as a leader in OT security. Advise senior leadership and the Board on OT cybersecurity risk posture, investment … should be expected with this role. Relocation Assistance: Relocation may be negotiable for this role. Remote Type: This position is a hybrid of office/remote working. Skills: Consulting, incident investigation and response, Incident Management, Information Assurance, Information Security, Information security behaviour change, Risk Management, Stakeholder Management, Supplier Relationship Management, Supplier security management. Legal Disclaimer: We are
Guildford, South East England, United Kingdom Hybrid / WFH Options
BP Energy
etc.) for OT cybersecurity. Lead a high-performing OT cybersecurity team, developing our people as well as technology. Oversee OT-focused vulnerability management, solutions development, conformance support, and incident response. Engage with regulators, customers, and industry partners to maintain bp's position as a leader in OT security. Advise senior leadership and the Board on OT cybersecurity risk posture, investment … should be expected with this role. Relocation Assistance: Relocation may be negotiable for this role. Remote Type: This position is a hybrid of office/remote working. Skills: Consulting, incident investigation and response, Incident Management, Information Assurance, Information Security, Information security behaviour change, Risk Management, Stakeholder Management, Supplier Relationship Management, Supplier security management. Legal Disclaimer: We are
security aspects of design, build, implementation, operation, process, and policy, to ensure they are secure, resilient, and compliant with local and national standards. You'll assist with Cyber Security incident detection, response and recovery as well as the development, implementation, maintenance and testing of the Trust's Cyber Incident Response Plan (CIRP) and Security Strategy. You